"We are continuing to actively engage with our customers and provide them with alternate ways to conduct business," CDK said in an emailed statement.
The attacked system belongs to a software-as-a-service (SaaS) provider whose platform is used by car dealerships to run all aspects of their operations, including sales, financing, inventory, service and back-office functions. The Illinois-based company shut down most of its systems "out of an abundance of caution" for customers on June 19, according to CDK spokesperson Lisa Finney.
Bloomberg News reported that a group of hackers from Eastern Europe claiming responsibility for a cyberattack on CDK's software systems has demanded millions of dollars in ransom to put an end to the hack that paralyzed over 15,000 car dealerships across America.
"CDK is planning to make the payment, said the person, who asked not to be identified because the information is private. In the early days of any ransomware attack, discussions are fluid, and the situation could change," the news outlet reported.
On Friday, June 21, Diana Lee, the chief executive officer of Constellation, a marketing agency with strong ties in the auto industry, told the host of Bloomberg TV that the cyber incident is just mass chaos at this point and even worse than the Wuhan coronavirus (COVID-19).
"The dealer's required to actually run a DMS [dealer management system] for sales, service, parts, for every single functionality – even stocking a vehicle, you can't do it without the DMS system. So it is a disaster," Lee said.
The latest hacking incident adds to the growing threat of ransomware attacks against businesses heavily dependent on digital and IT infrastructure. Analysts raised their concerns and recommended investing in robust cybersecurity measures and incident response plans.
This year has already seen the cyberattack on Change Healthcare, a billing and payments unit owned by UnitedHealthcare, which led to total disruptions at healthcare clinics, medical billing companies and pharmacies. This attack, believed to have been the work of a ransomware gang known as ALPHV or BlackCat, ultimately cost UnitedHealthcare $872 million.
The attacks haven't slowed down since then. A "significant volume of data" was stolen from at least 165 customers of multi-cloud data warehousing platform Snowflake on June 10, and last week brought the news that data from LendingTree subsidiary QuoteWizard stolen in the Snowflake breach is being auctioned off to the highest bidder on cybercriminal forums.
The BlackSuit ransomware gang is behind the CDK outage, according to multiple sources familiar with the matter. The same sources also said that CDK is negotiating with the ransomware gang to receive a decryptor and not leak stolen data.
In the meantime, car dealerships have had to switch to pen and paper to conduct their operations and car buyers would not be able to purchase a car or receive service for existing cars.
Two of the largest public car dealership companies, Penske Automotive Group and Sonic Automotive, disclosed that they, too, were impacted by the outages. "Our Premier Truck Group business utilizes CDK's dealer management system which has been disrupted," Penske shared in an SEC filing.
"We immediately took precautionary containment steps to protect our systems and commenced an investigation of the incident, which efforts are ongoing. Premier Truck Group has implemented its business continuity response plans and continues to operate at all locations through manual or alternate processes developed to respond to such incidents."
"As a result, the company experienced disruptions to its dealer management system hosted by CDK, which supports critical dealership operations including those supporting sales, inventory and accounting functions and its customer relationship management system," reported Sonic Automotive in an SEC filing. "All of the Company's dealerships are open and operating utilizing workaround solutions to minimize the disruption caused by this CDK outage."
Launched in May 2023, BlackSuit is believed to be a rebrand of the Royal ransomware operation, which was known as the direct successor of the notorious Conti cybercrime syndicate, an organized cybercrime gang comprised of Russian and Eastern European cybercriminals.